Abstract
With the ongoing digitalization, identity data leakage and identity theft are a growing threat to individuals, companies and public security in general. For most existing classes of cyber threats, there exist established techniques and even services that generate valuable threat intelligence feeds; however, generating feeds about identity breaches has not yet been deeply researched. Even though there are first services for preventing or mitigating identity theft, most of these services rely heavily on the assumption that the latest leak data is discovered; however, no comprehensive study is known that examines how this precondition is fulfilled. In this paper, we introduce a new method for generating a threat intelligence feed about identity breaches so that all the existing preventive and mitigating services can react in a timely manner. To this end, we develop a system that automatically classifies and extracts threat intelligence information from an extensive number of security-related news articles. We show that this approach vastly reduces the manual effort for the identity security services, hence increasing their efficiency.
Notes
1. Comodo: https://blog.comodo.com.
2. GBHackers: https://gbhackers.com/category/data-breach/.
3. HackRead: https://www.hackread.com/hacking-news.
4. Help Net Security: https://www.helpnetsecurity.com/view/news/.
5. Infosecurity-Magazine: https://www.infosecurity-magazine.com/news/.
6. Security Gladiators: https://securitygladiators.com/internet-security-news/.
7. Security Week: https://www.securityweek.com.
8. Techworm: https://www.techworm.net.
9. The Hacker News: https://thehackernews.com.
10. Threat Post: https://threatpost.com/blog/.
11. The Guardian: https://www.theguardian.com/international/.
12. Information Week: https://www.informationweek.com/.
13. Naked Security: https://nakedsecurity.sophos.com/.
14. Trendmicro: https://www.trendmicro.com/vinfo/us/security/news/.
15. Cyberdefense Magazine: http://www.cyberdefensemagazine.com/category/news/.
Acknowledgements
We thank Christian Bungartz for helpful discussions on the implementation. We thank Faye Jennifer Lee for designing the pretty pictures in Sect. 4.
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Malderle, T., Boes, F., Muuss, G., Wübbeling, M., Meier, M. (2022). Credential Intelligence Agency: A Threat Intelligence Approach to Mitigate Identity Theft. In: Furnell, S., Mori, P., Weippl, E., Camp, O. (eds) Information Systems Security and Privacy. ICISSP 2020. Communications in Computer and Information Science, vol 1545. Springer, Cham. https://doi.org/10.1007/978-3-030-94900-6_6
DOI: https://doi.org/10.1007/978-3-030-94900-6_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-94899-3
Online ISBN: 978-3-030-94900-6
eBook Packages: Computer Science, Computer Science (R0)